While this move seems odd, the new binaries are properly signed and the domains have been updated accordingly. If this was another project, like Rails, the maintainer could come out and say they were hacked and the last good version was X. Otherwise, the project would likely die off.
But since we know so little about the TrueCrypt maintainers, there's little way for us to hear that this isn't legitimate. In order to keep the project from dying (if this is a hoax), they would have to prove that they are the maintainers, because any plausible deniability would undermine their claim that the change was not legitimate.
If two groups with opposing messages control the key, it's pretty clear that the key is compromised in some manner.